Smart meters may need to be a little smarter, and safer

Here’s a scary thought just released on Halloween, what if your smart meter were leaking information about you to the world?

Automatic Meter Reading systems may need better security, according to a USC team.

With millions of so-called “smart meters” being installed in the U.S. annually, utility companies are getting closer to creating a smart grid that can target energy delivery where it’s needed and thus avoid having to run extra capacity at power plants. It’s a potential win-win that could help keep energy prices affordable.

To create this eco-friendly future, utilities must be able to gather data on how much electricity, natural gas and water specific households are using. Thus was born the smart meter, which can suck in and spit out this data, sending it via wireless technology back to the utility company.

But are these meters safe and secure? An experiment by University of South Carolina researchers says, no, not entirely.

Wenyuan Xu, a professor at USC’s College of Engineering and Computing, and a team of students found they could tap into this utility information as it spewed into the ether.

"There's been a lot of discussion about smart meters and whether they're secure or not," said Xu in a statement about her project. "But smart meters are not yet widespread. So we wanted to look at the wireless readers common now. Are they secure? Will they leak private information?"

Xu and her team reported to an October meeting of the Association for Computing Machinery (ACM) that they found the system they tested was not secure and did not protect the privacy of the users linked into it.

The Automatic Meter Reading (AMR) system they tested allows a utility truck to drive into a neighborhood and quickly download information from smart meters within the truck’s wireless range. That’s efficient for the utility company, but the USC team found that they could crack into the system by mimicking this operation.

Xu's team was able to “reverse-engineer the transmissions” to obtain access to the same usage data the utility company had collected.

Assistant Prof. Wenyuan Xu

After figuring out how to read the data, they conducted an independent text of their new ability by eavesdropping on a local apartment complex using a laptop and an antenna. They found they were able to detect dozens of nearby electricity metes, and by adding an inexpensive amplifier to the system, they could gather electrical data from hundreds of apartment units, ranging up to 500 yards away.

Granted, the information revealed only pertained to utility usage, but from that the students could deduce details that could be used against the occupants, such as when the inhabitants got up, went to work and got home.

They were also able to discern that 27 of the apartment units were unoccupied, leaving them vulnerable to burglars.Xu says she is careful not to offer too many details in her articles on the team’s work, but wants to send a message to utilities and smart meter manufacturers that they should shore up security before moving ahead.

Simply relying on today’s conceptual “security through obscurity” — the idea that this information is kept in batches that helps obscure specific information about the associated individuals — may not be enough.

"We don't want the bad guys to know too much. It's about letting the right people know what needs to be better protected," she said, suggesting that the meter data probably should be encrypted before it’s transmitted.